
A cybercriminal group, "Scattered LAPSUS$ Hunters," claims to have stolen nearly one billion records by targeting Salesforce (CRM.N) customers through "vishing" attacks, not directly breaching Salesforce's platform, which the company denies was compromised. The group, previously linked to hacks on major British retailers, reportedly tricked customer employees into installing modified software, underscoring significant social engineering vulnerabilities for enterprises relying on cloud services.
LONDON, Oct 3 (Reuters) - Cybercriminals connected to a recent string of ransomware attacks on major British retailers said on Friday they had stolen almost 1 billion records from cloud technology giant Salesforce (CRM.N) by focusing on companies that use its software.
A group calling itself "Scattered LAPSUS$ Hunters" told Reuters it had obtained the Salesforce records, and said they contain personally identifiable information. The group also claimed responsibility for the hacks of Marks & Spencer (MKS.L), Co-op (42TE.L) and Jaguar Land Rover earlier this year.
Reuters was not able to verify the group’s claims. Salesforce said its systems were not hacked.
"At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology," a Salesforce spokesperson said.
One of the hackers, who identified themselves as Shiny, told Reuters in an email they did not directly hack Salesforce, but targeted Salesforce customers using "vishing," or voice phishing, a form of social engineering attack in which hackers impersonate employees to IT help desks over the phone.
Scattered LAPSUS$ Hunters published a leak site on the darkweb on Friday which listed around 40 other companies it said it had hacked. It was not clear if those companies were Salesforce clients. Both the hackers and Salesforce declined to say if they were negotiating a ransom.
In June, security researchers at Google's Threat Intelligence Group said the group, which it tracks as "UNC6040," had “proven particularly effective at tricking employees” into installing a modified version of Salesforce’s Data Loader, a proprietary tool used to bulk import data into Salesforce environments.
Technical infrastructure tied to the hacking campaign shares characteristics with suspected ties to the broader and loosely organised ecosystem known as “The Com,” which is known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the Google researchers said.
In July, British police arrested four people under 21 as part of a police investigation into cyberattacks that disrupted operations at UK retailers.
Reporting by James Pearson; Editing by Sergio Non and Diane Craft
Cybercriminal group "Scattered LAPSUS$ Hunters" claims to have stolen nearly 1 billion records by targeting Salesforce (CRM) customers, not Salesforce's core platform directly. The group leveraged "vishing" to trick customer employees into installing modified software, a social engineering tactic, while Salesforce has explicitly denied any compromise of its platform or known vulnerabilities. This incident, which carries a strongly negative sentiment for CRM (-0.7), highlights a significant social engineering vulnerability for enterprises relying on cloud services, as the attacks bypass direct platform security.
Google's Threat Intelligence Group confirmed the group's effectiveness in tricking employees and noted its connection to the broader "The Com" cybercriminal ecosystem, which previously claimed responsibility for attacks on major British retailers like Marks & Spencer and Co-op. While Reuters could not verify the hackers' claims, and ransom negotiations remain unconfirmed, the allegations introduce reputational risk for Salesforce and its customer ecosystem. The overall market impact score of 0.55 suggests moderate concern over data integrity and customer security protocols, despite Salesforce's denial of a direct breach.
Overall Sentiment: strongly negative
Sentiment Score: -0.60